php-general Digest 12 Feb 2003 07:00:41 -0000 Issue 1878
Topics (messages 135224 through 135274):
passing array as a form variable
135224 by: Edward Peloke
135225 by: Leif K-Brooks
135226 by: Jason Wong
Re: mail() and php.ini (Any Luck???)
135227 by: Scott Fletcher
135231 by: Reuben D. Budiardja
135232 by: Jason Wong
135233 by: Scott Fletcher
135244 by: Scott Fletcher
Re: PHP FTP a security risk?????
135228 by: Jason Wong
135229 by: Reuben D. Budiardja
135230 by: Christopher Ditty
135234 by: Chris Wesley
135239 by: Chris Wesley
135240 by: Christopher Ditty
135241 by: Chris Shiflett
135248 by: James E Hicks III
135256 by: Chris Wesley
135269 by: Jason Wong
135271 by: Chris Wesley
135272 by: Jason Wong
135274 by: Chris Wesley
Newbie php.ini
135235 by: Val Schmidt
passing a query string to a popup window problems
135236 by: Brad Esclavon
135237 by: John Nichel
135238 by: Kevin Stone
newbie-php user tracker prob
135242 by: Fireborn Silvaranth
135243 by: Chris Shiflett
135255 by: Fireborn Silvaranth
OO newb question....query results from a class
135245 by: Cory Hicks
135247 by: Chris Boget
Re: setcookie() in various browsers.. 3rd followup.. anyone?
135246 by: Chad Day
135268 by: Jason Wong
135273 by: Peter Janett
Re: File not rewritable - why? Help needed.
135249 by: Bobby Patel
Re: Why use XML?
135250 by: David Eisenhart
Re: [PHP-DEV] include() and sessions
135251 by: Chris Shiflett
possible mail() bug
135252 by: Matt Phillips
grief with printf(), padding and alignment of text
135253 by: Robert E. Harvey, M.D.
135263 by: Matt
concurrent fopen fwrite fclose
135254 by: Frederick L. Steinkopf
Re: File upload???
135257 by: Kenneth Suralta
135265 by: David Freeman
php & javascript drop down menu???
135258 by: Jeff Bluemel
Re: sorting multi-dimensional array where array elements are structs [simple class]
135259 by: Michael Sims
Re: PHP-based SMS solution
135260 by: YC Nyon
Classes, global objects, and pointers
135261 by: John Hughes
default php sessions in a database
135262 by: Robin Mordasiewicz
135264 by: Tom Rogers
Re: Need To Find A php Person
135266 by: rija
Issue saving php that includes constant---
135267 by: Shawn McKenzie
msession users
135270 by: Robin Mordasiewicz
Administrivia:
To subscribe to the digest, e-mail:
[EMAIL PROTECTED]
To unsubscribe from the digest, e-mail:
[EMAIL PROTECTED]
To post to the list, e-mail:
[EMAIL PROTECTED]
----------------------------------------------------------------------
--- Begin Message ---
Can I take the select array
Ex.
$myrow=mysql_fetch_array($result);
and pass this as a form variable to another page?
<input type='hidden' name='$myrow' value='$myrow'>
Thanks,
Eddie
--- End Message ---
--- Begin Message ---
www.php.net/serialize
www.php.net/unserialize
Edward Peloke wrote:
Can I take the select array
Ex.
$myrow=mysql_fetch_array($result);
and pass this as a form variable to another page?
<input type='hidden' name='$myrow' value='$myrow'>
Thanks,
Eddie
--
The above message is encrypted with double rot13 encoding. Any unauthorized attempt to decrypt it will be prosecuted to the full extent of the law.
--- End Message ---
--- Begin Message ---
On Wednesday 12 February 2003 02:56, Edward Peloke wrote:
> Can I take the select array
>
> Ex.
> $myrow=mysql_fetch_array($result);
>
>
> and pass this as a form variable to another page?
>
> <input type='hidden' name='$myrow' value='$myrow'>
archives > passing array
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Dow's Law:
In a hierarchical organization, the higher the level,
the greater the confusion.
*/
--- End Message ---
--- Begin Message ---
Someone send me an email to take a look at this
URL....http://www.php.net/manual/fi/ref.imap.php .
The send mail on Unix is too basic, not like MS-Exchange... I need things
like file attachment, Bcc, cc, etc.... Also, it is too slow because the
machine have problem with DNS while many Windows doesn't have this problem.
Thanks for the link to www.phpclasses.org . Will look into it.
Scott F.
"Jason Wong" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> On Wednesday 12 February 2003 02:12, Scott Fletcher wrote:
>
> > The webserver is a Unix machine. I don't want to send the email from
the
> > Unix machine, I want to do that from Window. So, if I configure hte
> > php.ini to find the MS-Exchange on Window and use it to send the email
> > while the webpage is on the Unix webserver, such as form fill out and
click
> > the send button.
> >
> > Have anyone try this and does it work? Anyone struggle with it?? I'm
> > going to go ahead and do it.
>
> It wouldn't work. On Unix, mail() uses the sendmail binary and ignores any
> SMTP setting. You can get yourself a mail class from www.phpclasses.org
which
> can use SMTP regardless of whether you're on Unix or Windows.
>
> Anyway, what is the reason for using an external mailserver?
>
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
> ------------------------------------------
> Search the list archives before you post
> http://marc.theaimsgroup.com/?l=php-general
> ------------------------------------------
> /*
> Mausoleum: The final and funniest folly of the rich.
> -- Ambrose Bierce
> */
>
--- End Message ---
--- Begin Message ---
On Tuesday 11 February 2003 02:19 pm, Scott Fletcher wrote:
> Someone send me an email to take a look at this
> URL....http://www.php.net/manual/fi/ref.imap.php .
>
> The send mail on Unix is too basic, not like MS-Exchange... I need things
> like file attachment, Bcc, cc, etc....
All of those can be done with sendmail. Bcc and cc can be done with just
adding extra header. In the php mail() function, it's the last argument IIRC.
There are a lot of classes out there that will allow you to put attachment
using the mail() function. Basically you only need the correct MIME-encoding
and stuff. Read the manual for mail() again in php.net, or google for php
mail attachment.
You have to do it the same way to even in Windoze machine. It's not because of
"sendmail on Unix is too basic".
If you still want to use Windoze smtp server for sending your mail, then I
think you need to open a socket connection to the machine running smtp. In my
opinion, this complicates stuff that can be done easier, but you can look
here:
http://www.php.net/manual/en/function.fsockopen.php.
There is even an example by some user contributed notes on how to do that.
> Also, it is too slow because the
> machine have problem with DNS while many Windows doesn't have this problem.
hmm.. that sounds like something misconfigured in the machine, maybe??
Hope that helps.
--RDB
> Thanks for the link to www.phpclasses.org . Will look into it.
>
> Scott F.
>
> "Jason Wong" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> > On Wednesday 12 February 2003 02:12, Scott Fletcher wrote:
> > > The webserver is a Unix machine. I don't want to send the email from
>
> the
>
> > > Unix machine, I want to do that from Window. So, if I configure hte
> > > php.ini to find the MS-Exchange on Window and use it to send the email
> > > while the webpage is on the Unix webserver, such as form fill out and
>
> click
>
> > > the send button.
> > >
> > > Have anyone try this and does it work? Anyone struggle with it?? I'm
> > > going to go ahead and do it.
> >
> > It wouldn't work. On Unix, mail() uses the sendmail binary and ignores
> > any SMTP setting. You can get yourself a mail class from
> > www.phpclasses.org
>
> which
>
> > can use SMTP regardless of whether you're on Unix or Windows.
> >
> > Anyway, what is the reason for using an external mailserver?
> >
> > --
> > Jason Wong -> Gremlins Associates -> www.gremlins.biz
> > Open Source Software Systems Integrators
> > * Web Design & Hosting * Internet & Intranet Applications Development *
> > ------------------------------------------
> > Search the list archives before you post
> > http://marc.theaimsgroup.com/?l=php-general
> > ------------------------------------------
> > /*
> > Mausoleum: The final and funniest folly of the rich.
> > -- Ambrose Bierce
> > */
--
-------------------------------------------------
/"\ ASCII Ribbon Campaign against HTML
\ / email and proprietary format
X attachments.
/ \
-------------------------------------------------
Have you been used by Microsoft today?
Choose your life. Choose freedom.
Choose LINUX.
-------------------------------------------------
--- End Message ---
--- Begin Message ---
On Wednesday 12 February 2003 03:19, Scott Fletcher wrote:
> The send mail on Unix is too basic, not like MS-Exchange... I need things
> like file attachment, Bcc, cc, etc....
I think you're missing the point somewhere. sendmail (in fact any MTA) will do
all that.
> Also, it is too slow because the
> machine have problem with DNS while many Windows doesn't have this problem.
That machine is probably misconfigured.
If you're looking for performance then, all things being equal (same machine,
same network connectivity), you're more likely to get that with a un*x system
than a Windows system.
In any case pumping mail through another machine (ie using SMTP) is always
slower than calling sendmail directly.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Abandon the search for Truth; settle for a good fantasy.
*/
--- End Message ---
--- Begin Message ---
No, nothing is misconfigured on this machine. The problem is the firewall
and the nameserver. So, the easy workaround to it is to use the MS-Exchange
on Window. Sendmail on Unix still doesn't allow me to use more stuffs, so I
had to use MS-Exchange. Sendmail is not the right kind of email service to
use, so I can't use it.
By the way, Found a nice open-source script at www.phpclasses.org that would
allow me to connect to MS-Exchange. Very nice, I'm going to use this.
Thanks!!!
Thanks,
Scott F.
"Reuben D. Budiardja" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Tuesday 11 February 2003 02:19 pm, Scott Fletcher wrote:
> Someone send me an email to take a look at this
> URL....http://www.php.net/manual/fi/ref.imap.php .
>
> The send mail on Unix is too basic, not like MS-Exchange... I need things
> like file attachment, Bcc, cc, etc....
All of those can be done with sendmail. Bcc and cc can be done with just
adding extra header. In the php mail() function, it's the last argument
IIRC.
There are a lot of classes out there that will allow you to put attachment
using the mail() function. Basically you only need the correct MIME-encoding
and stuff. Read the manual for mail() again in php.net, or google for php
mail attachment.
You have to do it the same way to even in Windoze machine. It's not because
of
"sendmail on Unix is too basic".
If you still want to use Windoze smtp server for sending your mail, then I
think you need to open a socket connection to the machine running smtp. In
my
opinion, this complicates stuff that can be done easier, but you can look
here:
http://www.php.net/manual/en/function.fsockopen.php.
There is even an example by some user contributed notes on how to do that.
> Also, it is too slow because the
> machine have problem with DNS while many Windows doesn't have this
problem.
hmm.. that sounds like something misconfigured in the machine, maybe??
Hope that helps.
--RDB
> Thanks for the link to www.phpclasses.org . Will look into it.
>
> Scott F.
>
> "Jason Wong" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> > On Wednesday 12 February 2003 02:12, Scott Fletcher wrote:
> > > The webserver is a Unix machine. I don't want to send the email from
>
> the
>
> > > Unix machine, I want to do that from Window. So, if I configure hte
> > > php.ini to find the MS-Exchange on Window and use it to send the email
> > > while the webpage is on the Unix webserver, such as form fill out and
>
> click
>
> > > the send button.
> > >
> > > Have anyone try this and does it work? Anyone struggle with it?? I'm
> > > going to go ahead and do it.
> >
> > It wouldn't work. On Unix, mail() uses the sendmail binary and ignores
> > any SMTP setting. You can get yourself a mail class from
> > www.phpclasses.org
>
> which
>
> > can use SMTP regardless of whether you're on Unix or Windows.
> >
> > Anyway, what is the reason for using an external mailserver?
> >
> > --
> > Jason Wong -> Gremlins Associates -> www.gremlins.biz
> > Open Source Software Systems Integrators
> > * Web Design & Hosting * Internet & Intranet Applications Development *
> > ------------------------------------------
> > Search the list archives before you post
> > http://marc.theaimsgroup.com/?l=php-general
> > ------------------------------------------
> > /*
> > Mausoleum: The final and funniest folly of the rich.
> > -- Ambrose Bierce
> > */
--
-------------------------------------------------
/"\ ASCII Ribbon Campaign against HTML
\ / email and proprietary format
X attachments.
/ \
-------------------------------------------------
Have you been used by Microsoft today?
Choose your life. Choose freedom.
Choose LINUX.
-------------------------------------------------
--- End Message ---
--- Begin Message ---
I can see what you meant about the MIME-encoding and stuffs. This is pretty
cool also.....
"Reuben D. Budiardja" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
On Tuesday 11 February 2003 02:19 pm, Scott Fletcher wrote:
> Someone send me an email to take a look at this
> URL....http://www.php.net/manual/fi/ref.imap.php .
>
> The send mail on Unix is too basic, not like MS-Exchange... I need things
> like file attachment, Bcc, cc, etc....
All of those can be done with sendmail. Bcc and cc can be done with just
adding extra header. In the php mail() function, it's the last argument
IIRC.
There are a lot of classes out there that will allow you to put attachment
using the mail() function. Basically you only need the correct MIME-encoding
and stuff. Read the manual for mail() again in php.net, or google for php
mail attachment.
You have to do it the same way to even in Windoze machine. It's not because
of
"sendmail on Unix is too basic".
If you still want to use Windoze smtp server for sending your mail, then I
think you need to open a socket connection to the machine running smtp. In
my
opinion, this complicates stuff that can be done easier, but you can look
here:
http://www.php.net/manual/en/function.fsockopen.php.
There is even an example by some user contributed notes on how to do that.
> Also, it is too slow because the
> machine have problem with DNS while many Windows doesn't have this
problem.
hmm.. that sounds like something misconfigured in the machine, maybe??
Hope that helps.
--RDB
> Thanks for the link to www.phpclasses.org . Will look into it.
>
> Scott F.
>
> "Jason Wong" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> > On Wednesday 12 February 2003 02:12, Scott Fletcher wrote:
> > > The webserver is a Unix machine. I don't want to send the email from
>
> the
>
> > > Unix machine, I want to do that from Window. So, if I configure hte
> > > php.ini to find the MS-Exchange on Window and use it to send the email
> > > while the webpage is on the Unix webserver, such as form fill out and
>
> click
>
> > > the send button.
> > >
> > > Have anyone try this and does it work? Anyone struggle with it?? I'm
> > > going to go ahead and do it.
> >
> > It wouldn't work. On Unix, mail() uses the sendmail binary and ignores
> > any SMTP setting. You can get yourself a mail class from
> > www.phpclasses.org
>
> which
>
> > can use SMTP regardless of whether you're on Unix or Windows.
> >
> > Anyway, what is the reason for using an external mailserver?
> >
> > --
> > Jason Wong -> Gremlins Associates -> www.gremlins.biz
> > Open Source Software Systems Integrators
> > * Web Design & Hosting * Internet & Intranet Applications Development *
> > ------------------------------------------
> > Search the list archives before you post
> > http://marc.theaimsgroup.com/?l=php-general
> > ------------------------------------------
> > /*
> > Mausoleum: The final and funniest folly of the rich.
> > -- Ambrose Bierce
> > */
--
-------------------------------------------------
/"\ ASCII Ribbon Campaign against HTML
\ / email and proprietary format
X attachments.
/ \
-------------------------------------------------
Have you been used by Microsoft today?
Choose your life. Choose freedom.
Choose LINUX.
-------------------------------------------------
--- End Message ---
--- Begin Message ---
On Wednesday 12 February 2003 02:54, Christopher Ditty wrote:
> Hello all. I have a customer that purchased on of my scripts and
> attempted
> to install it on their server. This script, among other things, FTPs a
> text file
> from a central server. When we tried to run my script, it simply
> stops. No
> errors, no nothing. I talked to his host and found out that they do
> not allow
> PHP FTP because it is a security risk. ????? Ummmm, ok?
So you're tranferring a file from SOMEWHERE to the server that your website is
hosted on? If so then the reasons outline below ...
> I have been speaking with our linux techs, and have gained a more
> complete understanding of the feature in PHP that you want to use. We
[snip]
... is very uninformed. The problems mentioned would only apply if running an
FTP server (and probably only of concern if running a notoriously buggy
server such as WU-ftp).
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
You will pioneer the first Martian colony.
*/
--- End Message ---
--- Begin Message ---
On Tuesday 11 February 2003 02:11 pm, Jason Wong wrote:
> On Wednesday 12 February 2003 02:54, Christopher Ditty wrote:
> > Hello all. I have a customer that purchased on of my scripts and
> > attempted
> > to install it on their server. This script, among other things, FTPs a
> > text file
> > from a central server. When we tried to run my script, it simply
> > stops. No
> > errors, no nothing. I talked to his host and found out that they do
> > not allow
> > PHP FTP because it is a security risk. ????? Ummmm, ok?
>
> So you're tranferring a file from SOMEWHERE to the server that your website
> is hosted on? If so then the reasons outline below ...
>
> > I have been speaking with our linux techs, and have gained a more
> > complete understanding of the feature in PHP that you want to use. We
>
> [snip]
>
> ... is very uninformed. The problems mentioned would only apply if running
> an FTP server (and probably only of concern if running a notoriously buggy
> server such as WU-ftp).
I agree with that. It's only a (potential) problem if you're running an FTP
server, not client.
The one thing that makes me curious is as to how webhost ban this ftp client.
You said you're only transferring text file. Does the server that you're
transferring the file from offer other methods than FTP? how about HTTP?
RDB
--
-------------------------------------------------
/"\ ASCII Ribbon Campaign against HTML
\ / email and proprietary format
X attachments.
/ \
-------------------------------------------------
--- End Message ---
--- Begin Message ---
Unfortunately, I can only get the file via FTP. I just want to know
where this other host got it's information.
Chris
>>> "Reuben D. Budiardja" <[EMAIL PROTECTED]> 02/11/03
01:35PM >>>
On Tuesday 11 February 2003 02:11 pm, Jason Wong wrote:
I agree with that. It's only a (potential) problem if you're running an
FTP
server, not client.
The one thing that makes me curious is as to how webhost ban this ftp
client.
You said you're only transferring text file. Does the server that
you're
transferring the file from offer other methods than FTP? how about
HTTP?
--- End Message ---
--- Begin Message ---
On Tue, 11 Feb 2003, Christopher Ditty wrote:
> errors, no nothing. I talked to his host and found out that they do
> not allow PHP FTP because it is a security risk. ????? Ummmm, ok?
I consider FTP a security risk, period. (There /are/ ways to run an FTP
server securely, but I won't assume everyone, or even anyone, knows this.)
The possibility of having plain-text authentication flying around ...
security risk. This is probably the perspective of your hosting company.
You may want to only access a server which provides anonymous FTP. You
might not use the same username and password to the FTP server that you
use on the hosting server. You might only be accessing a server on a
trusted network. But you're just one user. From a sysadmin perspective,
that's a lot of assumptions made about all the other users who could
potentially use those FTP functions and not take the precautions you took.
(Not to mention, that it's a bit rude to expose someone's FTP server to
compromise just because the security issue doesn't affect the hosting
server. Plain-text authentication, such that FTP and Telnet use, are the
bane of sysadmin existence ... usernames and passwords are sniffed too
easily.)
That said ... FTP is a protocol; there's nothing stopping you from
opening a socket and talking FTP back & forth across it (unless your host
has disabled fsockopen() too). If you know the protocol, you probably
know how and why to avoid its security concerns.
Other options: Move to a less security-minded hosting provider (looks
like you've already started that), or ask the FTP server admin to provide
download access to your file via HTTP.
... hope that provides some insight.
~Chris
--- End Message ---
--- Begin Message ---
On Tue, 11 Feb 2003, Chris Wesley wrote:
> On Tue, 11 Feb 2003, Christopher Ditty wrote:
>
> > errors, no nothing. I talked to his host and found out that they do
> > not allow PHP FTP because it is a security risk. ????? Ummmm, ok?
>
> That said ... FTP is a protocol; there's nothing stopping you from
> opening a socket and talking FTP back & forth across it (unless your host
> has disabled fsockopen() too). If you know the protocol, you probably
> know how and why to avoid its security concerns.
>
> Other options: Move to a less security-minded hosting provider (looks
> like you've already started that), or ask the FTP server admin to provide
> download access to your file via HTTP.
You might find this interesting too -- straight from Example 1 for fopen()
in the PHP manual: http://www.php.net/manual/en/function.fopen.php
$handle = fopen ("ftp://user:[EMAIL PROTECTED]/somefile.txt";, "w");
b.careful ... g.luck,
~Chris
--- End Message ---
--- Begin Message ---
Chris, Did you read the rest of the message? It sounds like the web
host is saying that
someone can access PHP FTP from an outside server and hack into the
server.
I am not trying to start a debate on whether or not people should send
passwords and
userids over plain text. Yes, that is a security risk. My concern is
that this webhost is
telling my customer that PHP FTP itself is a security risk when it does
nothing more than
act like ws-ftp.
>>> "Chris Wesley" <[EMAIL PROTECTED]> 02/11/03 02:22PM >>>
On Tue, 11 Feb 2003, Chris Wesley wrote:
> On Tue, 11 Feb 2003, Christopher Ditty wrote:
>
> > errors, no nothing. I talked to his host and found out that they
do
> > not allow PHP FTP because it is a security risk. ????? Ummmm,
ok?
>
> That said ... FTP is a protocol; there's nothing stopping you from
> opening a socket and talking FTP back & forth across it (unless your
host
> has disabled fsockopen() too). If you know the protocol, you
probably
> know how and why to avoid its security concerns.
>
> Other options: Move to a less security-minded hosting provider
(looks
> like you've already started that), or ask the FTP server admin to
provide
> download access to your file via HTTP.
You might find this interesting too -- straight from Example 1 for
fopen()
in the PHP manual: http://www.php.net/manual/en/function.fopen.php
$handle = fopen ("ftp://user:[EMAIL PROTECTED]/somefile.txt";, "w");
b.careful ... g.luck,
~Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
--- Christopher Ditty <[EMAIL PROTECTED]> wrote:
> This script, among other things, FTPs a text file from a central server.
> When we tried to run my script, it simply stops. No errors, no nothing.
> I talked to his host and found out that they do not allow PHP FTP because
> it is a security risk.
This is probably just a lot of miscommunication. My initial guess is that you
are talking about running an FTP client, and they are talking about running an
FTP server.
For them to allow PHP's FTP extension, they would need to configure PHP with
the --enable-ftp flag as described here:
http://www.php.net/manual/en/ref.ftp.php
They may not have done this, and your script would exit with an error similar
to the following:
Fatal error: Call to undefined function: ftp_connect()...
Are you sure there are no errors? I am assuming you viewed the source, not just
the browser's rendered page.
If you are using fopen() to retrieve a file via FTP, it is possible that your
host uses the --disable-url-fopen-wrapper flag to disable this. This is
generally done to protect the inexperienced developers who may use these
functions with unvalidated client data, opening themselves to security risks.
> I have been speaking with our linux techs, and have gained a more complete
> understanding of the feature in PHP that you want to use. We actually did
> have it enabled at one point, and it caused the server to be compromised.
This sounds like they are thinking about an FTP server.
> Essentially, it allows people on a machine to be able to transfer files from
> anywhere on the internet. This begs for people who want to run warez sites,
> and the like, to hack the server, and use it for their own illegal software
> stores. The level of permission required to allow this to run allows people
> to essentially load, and run whatever they want. This is an EXTREME security
> problem.
This demonstrates that they have no idea what they are talking about and have
been scared by stories of security vulnerabilities found in FTP servers (such
as WU-FTP). By their logic, if Apache had security vulnerabilities, it would be
best to not allow people to run Mozilla.
> It is the opinion of our techs, that if you are running this, eventaully,
> you WILL be hacked. There a plenty of things that can be done to ftp to a
> machine without that functionality running.
There seems to be too much confusion going on here for these people to be Web
hosts. You're probably wise to be leaving anyway.
Chris
--- End Message ---
--- Begin Message ---
Please correct me if I am wrong, but it is impossible for a remote machine to
make an ftp connection to local machine running just PHP/Apache/Mysql. The ftp
functions available in PHP enable PHP scripts to act as an FTP client and can
not be used to accept remote FTP connections.
Other functions (the socket functions) however, could be used to create what is
needed in order provide the FTP server functionality that your ISP fears. It is
these functions that your ISP should be disabling and not the FTP functions in
order to protect themselves from a client allowing FTP access via a PHP script
that they have written.
James Hicks
-----Original Message-----
From: Christopher Ditty [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 11, 2003 3:34 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [PHP] PHP FTP a security risk?????
Chris, Did you read the rest of the message? It sounds like the web
host is saying that
someone can access PHP FTP from an outside server and hack into the
server.
I am not trying to start a debate on whether or not people should send
passwords and
userids over plain text. Yes, that is a security risk. My concern is
that this webhost is
telling my customer that PHP FTP itself is a security risk when it does
nothing more than
act like ws-ftp.
>>> "Chris Wesley" <[EMAIL PROTECTED]> 02/11/03 02:22PM >>>
On Tue, 11 Feb 2003, Chris Wesley wrote:
> On Tue, 11 Feb 2003, Christopher Ditty wrote:
>
> > errors, no nothing. I talked to his host and found out that they
do
> > not allow PHP FTP because it is a security risk. ????? Ummmm,
ok?
>
> That said ... FTP is a protocol; there's nothing stopping you from
> opening a socket and talking FTP back & forth across it (unless your
host
> has disabled fsockopen() too). If you know the protocol, you
probably
> know how and why to avoid its security concerns.
>
> Other options: Move to a less security-minded hosting provider
(looks
> like you've already started that), or ask the FTP server admin to
provide
> download access to your file via HTTP.
You might find this interesting too -- straight from Example 1 for
fopen()
in the PHP manual: http://www.php.net/manual/en/function.fopen.php
$handle = fopen ("ftp://user:[EMAIL PROTECTED]/somefile.txt";, "w");
b.careful ... g.luck,
~Chris
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--- End Message ---
--- Begin Message ---
On Tue, 11 Feb 2003, Christopher Ditty wrote:
> Chris, Did you read the rest of the message? It sounds like the web
Yes, I read your entire message.
> host is saying that
> someone can access PHP FTP from an outside server and hack into the
> server.
That's precisely NOT what the hosting provider said (at least it's not
what my appreciation for running a secured web host led me to believe they
said). I don't expect you to be a security expert, but think with me
through a very common scenario sysadmins must account for. I'll use the
word "you" in a general sense:
You access an FTP server with a user name and a password to retrieve a
file via PHP FTP. The user name and password is the same that grants
you access to your hosting providers server. (People do this
v.frequently. Most people have trouble remembering one
username/password, so they make the dangerous choice to use one
username/password over and over again.) A malicious individual sniffs
your username and password while you transfer a file via FTP from to you
hosting provider. Once the individual has his way with your FTP site
using your credentials, (s)he does the obvious next step ... attempts to
use the same credentials to gain access to your hosting providers
server.
Make sense? That didn't take much time, effort, or thought to get the
hosting provider compromised. And note that it had nothing to do with
PHP. It has everything to do with FTP itself.
Like I said, originally, you and/or your customer might take precautions
against something like this, but there's no way a responsible sysadmin can
assume or be assured that every user on a system will do the same.
The hosting provider isn't trying to protect itself from malicious people
attacking some vulnerability in PHP's FTP extensions. The webhost is
trying to protect itself from it's own users who might code somthing using
an insecure protocol which might allow malicious people easily gain access
credentials to its servers, or othewise allow abuse of a server's
resources. PHP's FTP extenstions aren't a security risk. The security
risk is what users can do with FTP.
At the /risk/ of introducing more reasons for the webhost to disallow the
FTP extensions, forward them this thread and ask if these are indeed
their reasons.
> I am not trying to start a debate on whether or not people should send
> passwords and userids over plain text. Yes, that is a security risk.
> My concern is that this webhost is telling my customer that PHP FTP
> itself is a security risk when it does nothing more than act like
> ws-ftp.
Ws-ftp uses plain-text authentication. The FTP extension to PHP uses
plain-text authentication. (Neither has a choice, since FTP is a
plain-text protocol.) They both present security risks for the same
reason.
~Chris
--- End Message ---
--- Begin Message ---
On Wednesday 12 February 2003 07:46, Chris Wesley wrote:
> On Tue, 11 Feb 2003, Christopher Ditty wrote:
> > Chris, Did you read the rest of the message? It sounds like the web
>
> Yes, I read your entire message.
>
> > host is saying that
> > someone can access PHP FTP from an outside server and hack into the
> > server.
>
> That's precisely NOT what the hosting provider said (at least it's not
> what my appreciation for running a secured web host led me to believe they
> said). I don't expect you to be a security expert, but think with me
> through a very common scenario sysadmins must account for. I'll use the
> word "you" in a general sense:
I think you're giving that hosting provider more credit than they deserve.
Their reply really puts across the impression (fact?) that they are clueless.
> You access an FTP server with a user name and a password to retrieve a
> file via PHP FTP. The user name and password is the same that grants
> you access to your hosting providers server. (People do this
> v.frequently. Most people have trouble remembering one
> username/password, so they make the dangerous choice to use one
> username/password over and over again.) A malicious individual sniffs
> your username and password while you transfer a file via FTP from to you
> hosting provider. Once the individual has his way with your FTP site
> using your credentials, (s)he does the obvious next step ... attempts to
> use the same credentials to gain access to your hosting providers
> server.
Even they they are not clueless and they were trying to say what you're
saying, it is still a very poor argument.
So they allow incoming FTP (presumably that's what people use to upload their
site) but disallow outgoing FTP because someone might sniff the
username/password? Does it make sense?
[snip]
> Ws-ftp uses plain-text authentication. The FTP extension to PHP uses
> plain-text authentication. (Neither has a choice, since FTP is a
> plain-text protocol.) They both present security risks for the same
> reason.
A security risk in that someone might be able to get your login credentials
and upload stuff to your FTP space, BUT not necessarily a security risk to
the server itself. Modern FTP servers support virtual users and chroot so the
risk of server compromise is minimised.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Think sideways!
-- Ed De Bono
*/
--- End Message ---
--- Begin Message ---
On Wed, 12 Feb 2003, Jason Wong wrote:
> On Wednesday 12 February 2003 07:46, Chris Wesley wrote:
> > You access an FTP server with a user name and a password to retrieve a
> > file via PHP FTP. The user name and password is the same that grants
> > you access to your hosting providers server. (People do this
> > v.frequently. Most people have trouble remembering one
> > username/password, so they make the dangerous choice to use one
> > username/password over and over again.) A malicious individual sniffs
> > your username and password while you transfer a file via FTP from to you
> > hosting provider. Once the individual has his way with your FTP site
> > using your credentials, (s)he does the obvious next step ... attempts to
> > use the same credentials to gain access to your hosting providers
> > server.
>
> Even they they are not clueless and they were trying to say what you're
> saying, it is still a very poor argument.
Why? What's a better argument? It's certainly just a piece of a much
larger argument, but avoiding a full-fledged lecture outside the immediate
context of the original question (and trying to keep it related to PHP
somehow) makes it brief.
> So they allow incoming FTP (presumably that's what people use to upload their
> site) but disallow outgoing FTP because someone might sniff the
> username/password? Does it make sense?
>
> [snip]
>
> > Ws-ftp uses plain-text authentication. The FTP extension to PHP uses
> > plain-text authentication. (Neither has a choice, since FTP is a
> > plain-text protocol.) They both present security risks for the same
> > reason.
>
> A security risk in that someone might be able to get your login credentials
> and upload stuff to your FTP space, BUT not necessarily a security risk to
> the server itself. Modern FTP servers support virtual users and chroot so the
> risk of server compromise is minimised.
Not so. Nevermind gaining access to the hosting server via FTP. With
stolen credentials, one might log into the server via SSH, or gain access
to other services on the box with the stolen credentials. It doesn't
matter what modern service you have running ... once you've stolen the
keys, you're in, and you can do /something/ you're not supposed to do.
I've seen chrooted home directories in exactly one place. You'll almost
never find them in a shared hosting environment. Most likely, there are
quotas. Even so, the risk of having unauthorized users on your server(s)
is not acceptable under any circumstances, especially through one avenue
you know you can shut down. With the quotas in todays shared hosting
offerings, there's enough space to distribute/run/launch a myriad of
malicious software, or simply replace the account owner's content with
warez for a short time. The risks range from a minor pain in the ass to
becoming a platform for launching [D]DoS attacks, worms, or viruses.
On the Internet, risk is risk, big or small, and none if good. Do away
with as much of it as you can.
~Chris
--- End Message ---
--- Begin Message ---
On Wednesday 12 February 2003 14:02, Chris Wesley wrote:
> Why? What's a better argument? It's certainly just a piece of a much
> larger argument, but avoiding a full-fledged lecture outside the immediate
> context of the original question (and trying to keep it related to PHP
> somehow) makes it brief.
>
> > So they allow incoming FTP (presumably that's what people use to upload
> > their site) but disallow outgoing FTP because someone might sniff the
> > username/password? Does it make sense?
OK, in keeping with the original question, again, why would they allow
incoming FTP but disallow outgoing FTP? What is the incremental risk?
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
QOTD:
"Everything I am today I owe to people, whom it is now
to late to punish."
*/
--- End Message ---
--- Begin Message ---
On Wed, 12 Feb 2003, Jason Wong wrote:
> On Wednesday 12 February 2003 14:02, Chris Wesley wrote:
>
> > Why? What's a better argument? It's certainly just a piece of a much
> > larger argument, but avoiding a full-fledged lecture outside the immediate
> > context of the original question (and trying to keep it related to PHP
> > somehow) makes it brief.
> >
> > On Wed, 12 Feb 2003, Jason Wong wrote:
> > > So they allow incoming FTP (presumably that's what people use to upload
> > > their site) but disallow outgoing FTP because someone might sniff the
> > > username/password? Does it make sense?
>
> OK, in keeping with the original question, again, why would they allow
> incoming FTP but disallow outgoing FTP? What is the incremental risk?
The original question dealt with making an FTP connection to an outside
FTP site from a web host. The FTP server and the web server aren't run by
the same people/company. The web hosting provider objected to allowing
outgoing FTP connections. Nowhere in this thread is the opinion of the
owner of the FTP site about incoming or outgoing FTP connections. Also,
nowhere in this thread is mentioned how files are uploaded to the web
host. That's left to our imaginations, I guess.
If you assume the users use FTP for uploads, then you have to assume the
hosting company is a band of hypocrites.
If you assume the users use SFTP or SCP for uploads, then you have to
assume the hosting company's objection to outgoing FTP is actually
addressing a security concern. I erred to this side so as not not unduely
ridicule anyone, and to share some pertinent insight from my experiences
with running a secure shared host. Also, the manager-speak in the
original message included verbiage from the hosting company stating that
the company had already been burned by a similar circumstance. They
apparently learned from it and are being somewhat smart about what they
enable and disable. I gave them the benefit of the doubt on whether they
were really addressing a security concern ... and I agree that there is a
security concern to address.
~Chris
--- End Message ---
--- Begin Message ---
I'm completely new to php but am interested in getting things runnng on a
"live" apache server. The default php.ini file has a huge security
disclaimer at the top stating that the default configuration is not
sufficiently secure for "production". It references the php manual chapter
on security for more information.
I've read the manual, but in my green state it's still not clear to me what
I should change to keep my server from being hacked.
Would anyone be able to provide a "standard" ini file or list of changes to
the default that would keep me out of trouble with regards to security and
let me learn to use php as time permits?
Thanks,
Val
--- End Message ---
--- Begin Message ---
I am trying to pass 2 variable values(username and userpassword) to a popup
window to display those values when a button is clicked. When the window
pops up, the variable names aren't displayed because they havent been
passed.
Here is the code:
onclick="window.open('http://www.bluedorado.com/bdnfosrc/distributionpopup.p
hp?formuser=$formuser&formpassword=$formpassword','BD_Hit_Distribution','hei
ght=300,width=600,menubar=0,status=0')";>
Any ideas why the values arent being passed?
--- End Message ---
--- Begin Message ---
What's the value of $_GET['formuser'] and $_GET['formpassword'] in your
pop up window?
Brad Esclavon wrote:
I am trying to pass 2 variable values(username and userpassword) to a popup
window to display those values when a button is clicked. When the window
pops up, the variable names aren't displayed because they havent been
passed.
Here is the code:
onclick="window.open('http://www.bluedorado.com/bdnfosrc/distributionpopup.p
hp?formuser=$formuser&formpassword=$formpassword','BD_Hit_Distribution','hei
ght=300,width=600,menubar=0,status=0')";>
Any ideas why the values arent being passed?
--- End Message ---
--- Begin Message ---
What does that string look like when it is outputed? You're asking us to
assume that $formuser and $formpassword are there in the first place.
- Kevin
----- Original Message -----
From: "Brad Esclavon" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 11, 2003 1:09 PM
Subject: [PHP] passing a query string to a popup window problems
> I am trying to pass 2 variable values(username and userpassword) to a
popup
> window to display those values when a button is clicked. When the window
> pops up, the variable names aren't displayed because they havent been
> passed.
> Here is the code:
>
>
onclick="window.open('http://www.bluedorado.com/bdnfosrc/distributionpopup.p
>
hp?formuser=$formuser&formpassword=$formpassword','BD_Hit_Distribution','hei
> ght=300,width=600,menubar=0,status=0')";>
>
> Any ideas why the values arent being passed?
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--- End Message ---
--- Begin Message ---
Pretty new to PHP but I've always wanted to make a user tracking system.
I'm trying to grab a number (sessionNum) out of a text file and increment it whenever
someone leaves and comes back to the site.. the problem is the text file appears to be
cached somewhere, the first time someone comes back the value is incremented and
appended but if they leave again and then come back the file's contents appear to be
unchanged. Opening the file up after the first time reveals that it has been appended
but after subsequent visits it is not (but yet it still goes through the function).
I tried just appending the info on with 'a' but since it didnt work I have it
rewriting the whole file.... still doesnt work however...
thanks if you can give any help.
an example of the file's contents:
1-12:17:2:Tuesday:February:11:2003--page1,page2,page3,
(sessionNum-date-referer-pagelist)
the function I'm using :
function incSession($trackFile, $pagename){
if (file_exists($trackFile)){
//read the file
$fileLine = file_get_contents($trackFile);
print "alert('File contents before write : $fileLine');";
//split the tracker file's contents into major sections
Session-Date-Referer-Pages
$headerArray = explode("-", $fileLine);
//get correct entry for last session number in the tracker file
$headerArrLen = count($headerArray);
$arrayentry = $headerArrLen - 3; //back 3 to get last session number entry
$arrayentry = $arrayentry - 1; //correct number to account for number sys.
beggining with 0
//get the old session number and increment it
$sessionNum = $headerArray[$arrayentry];
$sessionNum = $sessionNum + 1;
//get timestamp-user function
$currentDate = makeDate('PHP');
//get referer site if it exists
$referer = $_SERVER['HTTP_REFERER'];
//put it together for output
$addon = '-' . $sessionNum . '-' . $currentDate . '-' . $referer . '-' .
$pagename;
$everything = $fileLine . $addon;
print "alert('To be appended to file : $addon');";
print "alert('File contents after write : $everything');";
//user tracker file is appended with new session date referer and page
$fp = fopen($trackFile, 'w');
fwrite($fp, $everything);
fclose($fp);
}
}
--- End Message ---
--- Begin Message ---
--- Fireborn Silvaranth <[EMAIL PROTECTED]> wrote:
> I'm trying to grab a number (sessionNum) out of a text file and increment
> it whenever someone leaves and comes back to the site.
How about this:
<?
session_start();
if (!isset($_SESSION['count']))
{
$_SESSION['count'] = 0;
}
else
{
$_SESSION['count']++;
}
echo 'You have visited ' . $_SESSION['count'] . ' times before.';
?>
Chris
--- End Message ---
--- Begin Message ---
----- Original Message -----
From: "Chris Shiflett" <[EMAIL PROTECTED]>
To: "Fireborn Silvaranth" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, February 11, 2003 1:04 PM
Subject: Re: [PHP] newbie-php user tracker prob
Pretty new to PHP but I've always wanted to make a user tracking system.
I'm trying to grab a number (sessionNum) out of a text file and increment it
whenever someone leaves and comes back to the site.. the problem is the text
file appears to be cached somewhere, the first time someone comes back the
value is incremented and appended but if they leave again and then come back
the file's contents appear to be unchanged. Opening the file up after the
first time reveals that it has been appended but after subsequent visits it
is not (but yet it still goes through the function).
I tried just appending the info on with 'a' but since it didnt work I have
it rewriting the whole file.... still doesnt work however...
thanks if you can give any help.
an example of the file's contents:
1-12:17:2:Tuesday:February:11:2003--page1,page2,page3,
(sessionNum-date-referer-pagelist)
the function I'm using :
function incSession($trackFile, $pagename){
if (file_exists($trackFile)){
//read the file
$fileLine = file_get_contents($trackFile);
print "alert('File contents before write : $fileLine');";
//split the tracker file's contents into major sections
Session-Date-Referer-Pages
$headerArray = explode("-", $fileLine);
//get correct entry for last session number in the tracker file
$headerArrLen = count($headerArray);
$arrayentry = $headerArrLen - 3; //back 3 to get last session number
entry
$arrayentry = $arrayentry - 1; //correct number to account for number
sys. beggining with 0
//get the old session number and increment it
$sessionNum = $headerArray[$arrayentry];
$sessionNum = $sessionNum + 1;
//get timestamp-user function
$currentDate = makeDate('PHP');
//get referer site if it exists
$referer = $_SERVER['HTTP_REFERER'];
//put it together for output
$addon = '-' . $sessionNum . '-' . $currentDate . '-' . $referer . '-'
. $pagename;
$everything = $fileLine . $addon;
print "alert('To be appended to file : $addon');";
print "alert('File contents after write : $everything');";
//user tracker file is appended with new session date referer and page
$fp = fopen($trackFile, 'w');
fwrite($fp, $everything);
fclose($fp);
}
}
> --- Fireborn Silvaranth <[EMAIL PROTECTED]> wrote:
> > I'm trying to grab a number (sessionNum) out of a text file and
increment
> > it whenever someone leaves and comes back to the site.
>
> How about this:
>
> <?
> session_start();
> if (!isset($_SESSION['count']))
> {
> $_SESSION['count'] = 0;
> }
> else
> {
> $_SESSION['count']++;
> }
>
> echo 'You have visited ' . $_SESSION['count'] . ' times before.';
> ?>
>
> Chris
That's a good way to handle it while they're in the browser but what if they
close it and log off then come back on and visit again? I want to track the
user as they move through my site, write what pages they go to and when they
log onto my site, where they come from and how many times they come.
I thought about logging their IP but what good does that do when a lot of
people still have dial up? I could set a cookie, and I have tried that,
however when I try to access that cookie with PHP upon their return it does
not see it. Javascript sees the cookie fine but by then PHP is done
processing.
It could be that I set the cookie with Javascript but even then PHP still
sees it after the page is reloaded or the user browses to the next page. I
couldn't set the cookie with PHP because I needed it to occur after checking
to see if they had a cookie etc... I tried using output buffering but it
still didnt work.
I read in the manual that sessions are just meant to last as long as the
user is in the browser so I dont know what to do.
Your thoughts on this?
Learning is fun!
--- End Message ---
--- Begin Message ---
Hello!
I am just getting going with OO stuff and I am stumped at how to pull
out query results once it is part of a class. I am also using PEAR. Here
is my code:
class user
{
var $retval;
function get_signin()
{
global $db_obj;
$DateView = date("Y-m-d");
$sql = "SELECT date_format(sys_time_sign_in, '%h:%i %p') as sign_in FROM
system_log WHERE sys_time_user_id='$_SESSION[valid_user]' AND
sys_time_date='$DateView' AND sys_time_flag='ON'";
$result = $db_obj->query($sql);
if (DB::isError($result))
die($result->getMessage());
while($rows = $db_obj->fetchRow($result, DB_FETCHMODE_ASSOC))
{
$retval[] = $rows;
}
$retval = Array();
$retval['signin'] = $signin;
return $retval;
}
}
/*
now to try to get at the var $retval
*/
$userinfo = new user();
echo $userinfo->get_signin();
It just returns "Array"? How do I, for lack of a better word....get to
this array? Outside of a class it works great, I echo $rows['sign_in']
and it works. But this! Help!
Many many thanks!
Cory
--
Cory Hicks <[EMAIL PROTECTED]>
TRI-International
--- End Message ---
--- Begin Message ---
> $userinfo = new user();
> echo $userinfo->get_signin();
> It just returns "Array"? How do I, for lack of a better word....get to
> this array? Outside of a class it works great, I echo $rows['sign_in']
> and it works. But this! Help!
> Many many thanks!
Do this instead:
$userArray = $userInfo->get_signin();
echo $userArray['sign_in'];
Chris
--- End Message ---
--- Begin Message ---
This is with PHP 4.2 and register_globals off.
I am setting cookies and starting a session in the following fashion:
setcookie("EMAILADDR", $row[EMAIL], time()+2592000, '/', ".$dn");
where $dn = mydomain.com
I want the cookies accessible sitewide .. at www.mydomain.com, mydomain.com,
forums.mydomain.com, etc.
in IE 5.5, IE 6.0, and NS 7.0, it seems this is being accomplished
correctly.
In NS 4.8 (and 4.7 I assume), the cookies are never even getting set. Can
anyone tell me as to why? I've been prodding around cookie docs and trying
to find something that works in all browsers, and a lot of people seem to
have the same question..
Thanks!
Chad
--- End Message ---
--- Begin Message ---
On Wednesday 12 February 2003 05:44, Chad Day wrote:
> This is with PHP 4.2 and register_globals off.
>
> I am setting cookies and starting a session in the following fashion:
>
> setcookie("EMAILADDR", $row[EMAIL], time()+2592000, '/', ".$dn");
>
> where $dn = mydomain.com
>
> I want the cookies accessible sitewide .. at www.mydomain.com,
> mydomain.com, forums.mydomain.com, etc.
>
> in IE 5.5, IE 6.0, and NS 7.0, it seems this is being accomplished
> correctly.
>
> In NS 4.8 (and 4.7 I assume), the cookies are never even getting set. Can
> anyone tell me as to why? I've been prodding around cookie docs and trying
> to find something that works in all browsers, and a lot of people seem to
> have the same question..
archives > cookie handling
I'm sure there's some interesting reading to be found.
--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
/*
Emerson's Law of Contrariness:
Our chief want in life is somebody who shall make us do what we
can. Having found them, we shall then hate them for it.
*/
--- End Message ---
--- Begin Message ---
If you read the original cookie spec, written by Netscape, the cookie is set
based on the preceding . (dot).
So, if you set a cookie at www.domain.com (using the 5th parameter of
setcookie), you can read it ONLY from www.domain.com. If you set it at
.domain.com, as long as "dot domain dot com" is in the domain being used, it
will work. The issue that is getting you is that if you set it for .domain
(According to the original Netscape Spec), then domain.com DOES NOT MATCH,
as domain.com does not have the initial dot.
So, my guess is you are trying to write your cookie from domain.com with
code that says "write this for dot domain dot com" (.domain.com), as in your
example code. Since Netscape 4 and before follow the spec, they will not
write the cookie, as you are trying to write it to a different domain than
is setting it. (Those versions will also not read it.)
The solution??
Leave your code the way is it, making sure that $dn never contains anything
but the "domain dot com" (Only one dot). That will mean the cookie can be
written and read from any domain containing .domain.com (dot domain dot
com), such as you.domain.com, www.domain.com, anyCname_you_want.domain.com,
etc. Then, make sure your site NEVER loads without the www. (or something
dot domain).
Kind of a pain, but since newer browsers aren't sticking to that original
spec (not sure I.E. ever did), the issue is going away with time.
HTH,
Peter Janett
New Media One Web Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New Upgrades Are Now Live!!!
Windows 2000 accounts - Cold Fusion 5.0 and Imail 7.1
Sun Solaris (UNIX) accounts - PHP 4.1.2, mod_perl/1.25,
Stronghold/3.0 (Apache/1.3.22), MySQL 3.23.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PostgreSQL coming soon!
http://www.newmediaone.net
webmaster "at" newmediaone.net
(303)828-9882
----- Original Message -----
From: "Jason Wong" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 11, 2003 10:14 PM
Subject: Re: [PHP] setcookie() in various browsers.. 3rd followup.. anyone?
> On Wednesday 12 February 2003 05:44, Chad Day wrote:
> > This is with PHP 4.2 and register_globals off.
> >
> > I am setting cookies and starting a session in the following fashion:
> >
> > setcookie("EMAILADDR", $row[EMAIL], time()+2592000, '/', ".$dn");
> >
> > where $dn = mydomain.com
> >
> > I want the cookies accessible sitewide .. at www.mydomain.com,
> > mydomain.com, forums.mydomain.com, etc.
> >
> > in IE 5.5, IE 6.0, and NS 7.0, it seems this is being accomplished
> > correctly.
> >
> > In NS 4.8 (and 4.7 I assume), the cookies are never even getting set.
Can
> > anyone tell me as to why? I've been prodding around cookie docs and
trying
> > to find something that works in all browsers, and a lot of people seem
to
> > have the same question..
>
> archives > cookie handling
>
> I'm sure there's some interesting reading to be found.
>
> --
> Jason Wong -> Gremlins Associates -> www.gremlins.biz
> Open Source Software Systems Integrators
> * Web Design & Hosting * Internet & Intranet Applications Development *
> ------------------------------------------
> Search the list archives before you post
> http://marc.theaimsgroup.com/?l=php-general
> ------------------------------------------
> /*
> Emerson's Law of Contrariness:
> Our chief want in life is somebody who shall make us do what we
> can. Having found them, we shall then hate them for it.
> */
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
--- End Message ---
--- Begin Message ---
Are you on a Windows platform, or *nix. I would assume *nix since you
mentioned chmod.
what did you chmod the file to? who owns the file? and what user does PHP
run as (maybe nobody, or httpd)?
Just to get it to work chmod the file to 777, BUT this is a security risk.
MAKE SURE this file is NOT in the web folder (or any of it's subfolders).
Remember to write to a file PHP (the user nobody or httpd) also needs Read
and eXecute permisions on all the directories from the root all the way to
the directory contaning the file.
<[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>
> Newbie question:
>
> I try to modify a txt-file but get "not writable" error.
> (just like in http://www.php.net/manual/en/function.fwrite.php )
>
> I've tried to change the chmode but now I need some help.
>
> All info welcome! Thanks in advance!
>
> Paul Dunkel
> --
> [EMAIL PROTECTED]
>
--- End Message ---
--- Begin Message ---
big issues!! I'd recommend that you check out the book 'XML and PHP' by
Vikram Vaswani, New Riders. Its well written and concise - should answer
your queries and more.
(BTW, like you I also use Smarty to separate application logic and
presentation; for my purps and circumstances this is preferable to using xml
stylesheets)
David
--- End Message ---
--- Begin Message ---
Hello Lindsey,
I am posting this to [EMAIL PROTECTED] for you. The php-dev list is for
the development of PHP itself, not for user questions.
Also, as a guess to your problem, when you include a resource by URL, you are
going to receive the same output that a browser would (when you view source),
so any PHP code in that resource is going to be executed prior to receipt. If
this is a local file, you should use the filesystem path instead. For example:
include '/home/lindsey/public_html/foo.php';
instead of:
include 'http://www.example.org/~lindsey/foo.php';
If you must use a URL and you want to retain session, you will have to pass
your session identifier on the URL.
Chris
--- Lindsey Simon <[EMAIL PROTECTED]> wrote:
> I have a situation involving my session and an include().
>
> I'm trying to include() a page using the full path. My session is
> registered and I can verify all is well with it. I want to retain the
> session from within the page I'm including.
>
> So:
>
> I'm pasting my code here (please ignore the variables except the session
> stuff at the end.
>
> $this_URL = $URL . "index.php?modu=display_shots&show_ident=" .
> $_REQUEST['select_ident'] . "&select_ident=" . $_REQUEST['select_ident']
> .. "&noheader=1&nofooter=1&no_print_link=1&add_record=1&" .
> session_name() . "=" . session_id();
> include($this_URL);
>
> my webserver just hangs and I have to restart it in order to get any
> more pages from anywhere on the server.
>
> I've tested this in 4.2.3 and 4.3.
>
> Is my syntax correct in terms of what I should append to the
> URL when include()ing it? I'm basing it on what I read about passing SID
> (which I can't use since it's returning empty on the page where I have
> the include() line)
>
> Thanks for your help,
> -l
--- End Message ---
--- Begin Message ---
I created a script that sent the contents of the form via the mail(). when
I created it the server was running PHP 4.1.2. The server I am on was
upgraded to ver 4.2.2. When that happend the script stop working correctly.
It appeared to work, but the email never arrived. So, I wrote a simple
script that looked that this:
<?
if(mail('[EMAIL PROTECTED]','Testing','testinging 123'));
echo "sent"
?>
it would always show sent, but the message never arrived.
My orginal script used PEAR, but since PEAR uses the mail() I think that
this is problem.
Matt Phillips
--- End Message ---
--- Begin Message ---
I'm running PHP 4.2.2 and I'm having trouble with the printf()
function. I want to be able to print data in space padded fields with
the alpha strings left justified and the numeric strings right
justified. For some reason I can't get printf() to pad with spaces. It
pads with " "-s and right aligns the data
For example this code: printf("%' -20s %' 20s %' -20s<br>\n",$algen,
$calc_amt, $range);
returns this output: Algae 292 very high
which shows no padding.
This code: printf("%'-20s %'20s %'-20s<br>\n",$algen, $calc_amt, $range);
returns this output: ---------------Algae 292 -----------very high
which pads only the first and third strings with "-" and not " "and
right justifies to the right and not left.
This code: printf("%'\ -20s %'\ 20s %'\ -20s<br>\n",$algen, $calc_amt,
$range);
returns this output: Algae 292 very high
with no padding and no justification.
How do I get printf() to work properly?
--- End Message ---
--- Begin Message ---
----- Original Message -----
From: "Robert E. Harvey, M.D." <[EMAIL PROTECTED]>
To: "php" <[EMAIL PROTECTED]>
Sent: Tuesday, February 11, 2003 6:21 PM
Subject: [PHP] grief with printf(), padding and alignment of text
> I'm running PHP 4.2.2 and I'm having trouble with the printf()
> function. I want to be able to print data in space padded fields with
> the alpha strings left justified and the numeric strings right
> justified. For some reason I can't get printf() to pad with spaces. It
> pads with " "-s and right aligns the data
>
> For example this code: printf("%' -20s %' 20s %' -20s<br>\n",$algen,
> $calc_amt, $range);
>
> returns this output: Algae 292 very high
> which shows no padding.
View source, and see what you find there. You should consider tables or
replacing the spaces with the entity
--- End Message ---
--- Begin Message ---
Hi,
How does php handle multiple concurrent fopen fwrite fclose calls? I have a
website that gets 7 million page views a month and we have created a custom
log file using fopen fwrite and fclose. When running this concurrently with
the apache log we notice significantly lower page hits with the php logger.
My guess is that we're losing data when the requests come in concurrently.
Any advice would be appreciated.
Fred Steinkopf
--- End Message ---
--- Begin Message ---
Can anybody help me with file uploading, again...
I tried uploading a file through...
<form enctype="multipart/form-data" action="project_save.php" method="post">
<input name="project_file" type="file">
<input type="submit" value="ok">
</form>
but, on project_save.php, the
$HTTP_POST_FILES["project_file"]["size"] is zero(0) , and
$HTTP_POST_FILES["project_file"]["tmp_name"] is an empty string.
i checked,
$HTTP_POST_FILES["project_files"]["error"] has a value of 2.
What does error 2 mean???
--- End Message ---
--- Begin Message ---
> Can anybody help me with file uploading, again...
Have you tried using the fairly simple example that is given at
http://www.php.net/manual/en/features.file-upload.php yet? I've found
that starting with this example and then adding all the extras tends to
work well when you've got problems. But then, I ended up adding file
upload stuff to the form validation class that I use and this has ended
most of my file upload problems.
CYA, Dave
--- End Message ---
--- Begin Message ---
OK... I have a dynamic menu system, and I have to maintain a dynamic menu.
however, the amount of content I need in my menu is going to be rapidly
outgrown. I believe my only solution is to deploy a javascript drop down
menu (users have to be javascript compatible anyway for some other issues in
my pages).
however, it seems like anytime I try to integrate php & javascript I run
into a total nightmare. the php & javascript do not need to integrate at
the client level, but just on the server side to actually deploy the menu to
the user. (have if then statements of info from a database that will
determine if the item is displayed to the user or not, so should be pretty
easy to accomodate)
does anybody have any sample code of a javascript menu across the top of the
page that will have menu, and submenu's they are deploying with php echo
statements?
--- End Message ---
--- Begin Message ---
On Tue, 11 Feb 2003 08:27:57 -0600, you wrote:
>Thanks for the reply. I had already tried usort previously. For some
> reason, there is no data for the array fields at all in the cmp function
> - not sure why. Does anyone know? All help is appreciated! Thanks.
Can you post a short code sample which illustrates your problem?
--- End Message ---
--- Begin Message ---
I am developing a web-based GPS vehicle tracking solution using php.
I'm looking on how php can communicate with a SMSC using Smpp to issue AT
commands.
Development platform is windows 2000.
Thanks
Nyon
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.449 / Virus Database: 251 - Release Date: 27/01/2003
--- End Message ---
--- Begin Message ---
In this example which parallels a problem I am having in my real life
script. I would like to have a global object, in this case $tester. I would
then like to be able to store local references to this global object right
inside the class. These are assigned byref in the classes constructor.
This script should, by my understanding work, only it craps out in test2's
constructor: "$o = &$tester;".
Any help would be greatly appreciated. (Please cc me on your replies)
John Hughes
<?php
class test {
var $a;
function test() {
$this->a = 10;
}
function doit() {
$this->a = 20;
}
}
global $tester;
$tester = new test();
class test2 {
var $o;
function test2() {
$o = &$tester;
}
function mod() {
$o->doit();
}
}
echo $tester->a . "\n"; // Should be 10
$newtest = new test2();
$newtest->mod();
echo $tester->a . "\n"; // Should be 20
?>
--- End Message ---
--- Begin Message ---
Is there a way to configure php to use a database for sessions rather than
a text file.
I have a server farm and want the session files to be accessible to all
machines in the cluster. I can have the session file on nfs but I am
worried about file locking.
I have read tutorials on how to set session.save_handler = user and then
each script configures their seesion variables and connections, but I
want this to be transparant to my users. I do not want users to have to
change anything in their scripts.
--- End Message ---
--- Begin Message ---
Hi,
Wednesday, February 12, 2003, 1:34:49 PM, you wrote:
RM> Is there a way to configure php to use a database for sessions rather than
RM> a text file.
RM> I have a server farm and want the session files to be accessible to all
RM> machines in the cluster. I can have the session file on nfs but I am
RM> worried about file locking.
RM> I have read tutorials on how to set session.save_handler = user and then
RM> each script configures their seesion variables and connections, but I
RM> want this to be transparant to my users. I do not want users to have to
RM> change anything in their scripts.
Have a look at msession, it was built for your situation.
--
regards,
Tom
--- End Message ---
--- Begin Message ---
Hello,
I'm likely the person you're looking for.
My name's Rija
I live in Vanuatu, and I teach IT and computer science for the MontMartre
High School.
I'll give you some of the best website I've done:
- trano-bongo.com
- evelyneproducts.com
- vanua2.com
- madeinpacific.com
Also, I've done plenty static websites.
For further information
contact me at this e.mail address : [EMAIL PROTECTED]
Michael McGlaughlin <[EMAIL PROTECTED]> a écrit dans le message :
[EMAIL PROTECTED]
> Hello,
>
> I am looking for someone well versed and established who understands the
php language and who can support a product that I have that I cannot receive
support from by the original developer.
>
> What would be the best way for me to go about finding someone? We paid the
developer by making a donation to him for his script, then paid him for some
further customizations, which he completed, but now he does not appear
interested in additional cusomization work on our system and I am left in a
bit of a lurch.
>
> Any help you can give would be greatly appreciated.
>
> Sincerely,
> Michael
>
>
> _____________________________________________________________
> Get your FREE email address
> http://www.hootingowl.com
> "The Wise Way To Search"
>
> _____________________________________________________________
> Select your own custom email address for FREE! Get [EMAIL PROTECTED] w/No
Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag
--- End Message ---
--- Begin Message ---
I collect some PHP code in an HTML form (textarea) I then save this in an
array in a file using export_var(). If the code entered in the textarea is
this:
echo "To "._LOGIN." click the login link below";
And the constant _LOGIN happens to be defined in the current script that
generates the form (maybe _LOGIN = "Login" ), then the result after my
var_export() to the file is this:
$var = 'To Login click the login link below";';
Any ideas on how to keep the text of the constant definition in the string
instead of it being evaluated???
TIA,
Shawn
--- End Message ---
--- Begin Message ---
Are there any msession users here, if so please share your experiences.
I am considering using msession for a multiple server environment for
handling session data.
--- End Message ---
